You can't secure what you don't acknowledge.℠

Tuesday, June 10, 2008

How to stumble across new Web vulnerabilities

I just learned how a lesser-known Web vulnerability scanner can prove to be as valuable as the big dog high-end scanners. Acunetix Web Vulnerability Scanner - an excellent Web scanning tool, especially for the price - found a weak Web login/password combo, obviously something that can lead to all sorts of security issues. It would take a lot more time and effort to uncover this in a real-world Web security assessment scenario... something most of us can't afford to take on - especially after the deal's been sold.

Lesson learned: use multiple tools when checking for Web application vulnerabilities. No single tool is going to uncover everything, but if you combine the best ones, odds are you'll find the things that matter.
